The Hacker News — Cyber Security, Hacking, Technology News

So you are in a party with your friends, and your phone is running low on battery. Oops!

The ideal solution is to charge your phone using a charger or a power bank, but not everyone carries power banks or chargers with them all the time, especially in a party.

What if you can charge your phone wirelessly using another phone when it runs out of battery?

Isn't that great? Well, thanks to Sony, you might soon be able to use your friends’ phones to charge your own device.

According to a recently published patent application, Sony is working on a new futuristic technique that enables wireless power exchange between various nearby consumer electronic devices, including smartphones, computers, microwave, washing machine, fridges, and TVs, without cords.

Wireless charging isn't a new concept at all, but this is the first time when the Near Field Communications (NFC) technology is being used for power transfer wirelessly between two devices, that too over considerable distances.

NFC is a technology that allows data transfer over a short-range, which is why two devices have to be placed nearby, under a certain distance, for the given wireless technology to work.

Titled "Configuration of Data and Power Transfer in Near Field Communications," the patent describes where any consumer electronic with NFC chip might be able to search for other devices with the similar technology and connect with them to transfer power, the same way a device searches for available Wi-Fi hotspots.

However, the patent doesn’t detail how well this technology would actually work and has no word over the distance for which this technology might work between two devices.

"The distances over which the wireless communication can be achieved is typically consistent with distances used for wireless electrical power transfer through the power transfer antenna," Sony's patent document reads.

The patent also does not specify that these devices would necessarily be smartphones or computers; instead, it uses the term "portable consumer electronic device," which could be a fridge, TV, computer, microwave, washing machine, and so on.

This technology could eliminate one of your worst pains of always carrying out bulky power banks and multiple charging cables, provided your friends or smart appliances are willing to share their battery power to charge your phone.

However, patenting an idea does not necessarily mean we will ever see the idea come to life, but if succeeded, your phone will automatically start charging while you walk into a room – Thanks to Smart TVs, microwaves and other devices with NFC-enabled.

Another dangerous vulnerability has been discovered in Linux kernel that dates back to 2009 and affects a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu.

The latest Linux kernel flaw (CVE-2017-2636), which existed in the Linux kernel for the past seven years, allows a local unprivileged user to gain root privileges on affected systems or cause a denial of service (system crash).

Since the flaw dates back to June 2009, Linux enterprise servers and devices have been vulnerable for a long time, but according to Positive Technologies, it is hard to say whether this vulnerability has actively been exploited in the wild or not.

"The vulnerability is old, so it is widespread across Linux workstations and servers," says Popov. "To automatically load the flawed module, an attacker needs only unprivileged user rights. Additionally, the exploit doesn't require any special hardware."

The researcher detected the vulnerability during system calls testing with the syzkaller fuzzer, which is a security code auditing software developed by Google.

Popov then reported the flaw to kernel.org on February 28, 2017, along with the exploit prototype, as well as provided the patch to fix the issue.

The vulnerability has already been patched in the Linux kernel, and the security updates along with the vulnerability details were published on March 7.

So, users are encouraged to install the latest security updates as soon as possible, but if unable to apply the patch, the researcher advised blocking the flawed module (n_hdlc) manually to safeguard enterprise as well as home use of the operating system.

In the digital world, it just takes one click to get the keys to the kingdom.

Do you know spear-phishing was the only secret weapon behind the biggest data breach in the history?

It’s true, as one of the Yahoo employees fell victim to a simple phishing attack and clicked one wrong link that let the hackers gain a foothold in the company's internal networks.

You may be familiar with phishing attacks — an attempt to steal user credentials or financial data — while, Spear-phishing is a targeted form of phishing in which attackers trick employees or vendors into providing remote-access credentials or opening a malicious attachment containing an exploit or payload.

Here's how the Yahoo's massive data breach was traced back to human error and who were the alleged masterminds behind this hack.

While the indictment provided details on the 2014 Yahoo hack, the FBI officials recently gave a fresh insight into how the two officers from the Russian Federal Security Service (FSB) hired two hackers to gained initial access to Yahoo in early 2014.

Here's How the Yahoo Hack Initiated:

The hack began with a "Spear Phishing" e-mail sent to a "semi-privileged" Yahoo employees and not the company's top executives early in 2014.

Although it is unclear how many Yahoo employees were targeted in the attack and how many emails were sent by the hackers, it only takes one employee to click on either a malicious attachment or a link, and it gave attackers direct access to Yahoo's internal networks.

Since the Account Management Tool did not allow for simple text searches of usernames, the hackers began identifying targets based on their recovery email address.

Once identified, the hackers then used stolen cryptographic values called "nonces" to generate forged access cookies for specific user accounts, giving both the FSB agents and Belan access to users’ email accounts without the need for any password.

According to the FBI, those cookies were generated many times between 2015 and 2016 to access "more than 6,500 Yahoo accounts," out of the roughly 500 million accounts.

Victims Targeted by the Russian Spies:

According to the indictment, among other foreign webmail and Internet-related service providers, the Russian spies accessed the Yahoo accounts belonging to:

An assistant to the deputy chairman of Russia.

An officer in Russia's Ministry of Internal Affairs.

A trainer working in Russia's Ministry of Sports.

Russian journalists.

Officials of states bordering Russia.

U.S. government workers.

An employee of a Swiss Bitcoin wallet company.

A U.S. airline worker.

FBI special agent John Bennett told a news conference that Yahoo first approached the bureau in 2014, regarding the hack and was "great partners" during its investigation.

However, the company took two years to go public in December 2016 with details of the data breach and advised hundreds of millions of its customers to change their passwords.

Baratov was arrested on Tuesday by the Toronto Police Department, while Belan and the two FSB officers are in Russia. The United States has requested all the three to be handed over to face charges, but the US has no extradition treaty with Russia.

Are you clicking nude selfies? That is fine and not any criminal act, but this act can land you in trouble — here's how!

Almost three years after a wave of private photographs of celebrities leaked online, "The Fappening 2.0" appears to be underway with the circulation of alleged naked pictures of female celebrities, including Emma Watson and Amanda Seyfried on Reddit and 4chan.

The Fappening 2.0: It's Happening Again!

However, in the latest leak, which has been heralded online as "The Fappening 2.0," the personal photographs of Amanda Seyfried and Emma Watson — ranging from regular selfies to explicitly sexual photos — have been leaking online since Tuesday night.

According to a screenshot from an original 4chan thread, unknown hackers will be posting more intimate photos of female celebrities, including Kylie Jenner, Marisa Tomei, Jennifer Lawrence and several others, over the next few days, which indicates it's just the beginning of The Fappening 2.0.

The affected celebrities did not immediately comment on the invasion of any privacy on their side, but the photographs appear to be authentic.

A representative for Watson has also confirmed that she is taking legal action against the latest leak and that some of the images circulating online are legitimate, saying:

"Photos from a clothes fitting Emma had with a stylist a couple of years ago have been stolen. They are not nude photographs. Lawyers have been instructed and we are not commenting further."

While, leaked images of Watson show the actor posing in various swimsuits and outfits in front of a mirror, the alleged photos of actors Amanda Seyfried and Jillian Murray are much more explicit, appearing to show the stars nude and, in some images, engaging in sexual activity.

There are also pictures and videos that the leaker claims to be of Watson filming herself naked in the bathtub, while another showing her masturbating. But since the face of the woman in the shots can not be seen, this can't be confirmed.

There is yet no information on the source of the leaks or how the personal photos of celebrities were obtained, but the anonymous hackers are claiming that these leaks are just the tip of an iceberg and they're about to release the next batch of celebrities to get their photos leaked.

The most famous celebrities in the list of next wave of private photographs of celebrities appear to be Marisa Tomei, Kylie Jenner, and Jennifer Lawrence.

How To Keep Your Private Photos Private

If you are looking for the best way to keep your photos off the Internet, the simplest solution to this is — Don't click them. But if you do so, there are a few steps that you can follow to minimize the risk:

Do not click on any suspicious links or attachments in the email you received.

When in doubt, contact the sender to confirm that he or she actually sent the email to you or not.

Never provide your personal or financial information through an email to anyone.

No service, be it Google, Apple, or Microsoft, ever asks for your password or any other sensitive personal information over an email.

It's always a good idea to regularly update your passwords and security questions.

Enable two-factor authentication on your accounts and always choose a strong and different password for all your accounts. If you are unable to create and remember different passwords for each site, you can use a good password manager.

The 2014 Yahoo hack disclosed late last year that compromised over 500 million Yahoo user accounts was believed to be carried out by a state-sponsored hacking group.

Now, two Russian intelligence officers and two criminal hackers have been charged by the US government in connection with the 2014 Yahoo hack that compromised about 500 million Yahoo user accounts, the Department of Justice announced Wednesday.

According to the prosecutors, at least 30 million accounts were accessed as part of a spam campaign to access the email contents of thousands of people, including journalists, government officials, and technology company employees.

The four defendants — Two officers from the Russian Federal Security Service (FSB) and two other hackers — are identified as:

Dmitry Aleksandrovich Dokuchaev, 33 — an officer in the FSB Center for Information Security at the time of the hack, and now Russian national and resident.

Igor Anatolyevich Sushchin, 43 — an FSB officer, a superior to Dokuchaev within the FSB, and Russian national and resident.

Alexsey Alexseyevich Belan, aka "Magg," 29 — a Russian national and resident, who has been on the FBI’s Most Wanted Hackers list and indicted twice in 2012 and 2013 by U.S. Federal grand juries for hacking and fraud charges.

Karim Baratov, aka "Kay," "Karim Taloverov" and "Karim Akehmet Tokbergenov," 22 — a Canadian and Kazakh national and a resident of Canada.

In a 38-page indictment [PDF] unsealed Wednesday, the prosecutors said the two Russian spies worked with two other hackers to break into and gained initial access to Yahoo in early 2014.

Belan, who is on the FBI's most-wanted cybercriminals list, used the file transfer protocol (FTP) to download the Yahoo database, containing usernames, recovery e-mail accounts, phone numbers as well as "certain information required to manually create, or "mint," account authentication web browser “cookies” for more than 500 million Yahoo accounts."

The spies then used the stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including those of Russian and American officials, Russian journalists, employees of financial services and other businesses.

The range of charges are officially listed as:

Conspiring to commit computer fraud and abuse

Conspiring to engage in and the theft of trade secrets

Conspiring to engage in and committing economic espionage

Conspiring to commit wire fraud

Counterfeit access device fraud

Counterfeit access device making equipment

Aggravated identity theft

Transmitting code with the intent to cause damage to computers

Unauthorized access to a computer for obtaining information for commercial advantage and private financial gain

Baratov was arrested on Tuesday by the Toronto Police Department, while Belan and the two FSB officers are in Russia. The United States has requested all the three to be handed over to face charges, but the US has no extradition treaty with Russia.